How to enable SSH on a Synology NAS and access it from a macOS Terminal

While you should be able to use Disk Station Manager to configure and user your Synology NAS, some prefer to use a command prompt. So in these instances, you can use SSH which creates a secure tunnel through which you access your NAS.

On rare occasions, you might have to view or modify a file or folder that DSM does not have permissions to access. In this instance, you will need to use the Root account on your NAS. However, as you can’t access Root from within the DSM, you are going to need to use Secure Shell (SSH). 

So in this video we demonstrate how you enable SSH, change firewall settings and create a secure SSH tunnel using the Terminal in macOS. 

Notes: The Root account gives you virtually unlimited access to all programs, files and resources on your Synology NAS. So when using commands with root you need to be extremely careful to not damage system files. 

Quick reference notes:

• Log into Disk Station Manager using your Administrators credentials 
• Open Control Panel – Terminal & SNMP
• Under Terminal, enable SSH service
• A warning window will appear, select OK

Note: As we have a Firewall enabled on our NAS, we are prompted to enable port 22. It’s worth noting that while port 22 is open on our NAS, it has not been opened on our router. So we should not be able to remotely access our NAS via SSH. Instead we can access SSH, via any computers connected to our local network. 

Note: Whenever you adjusting the firewall settings in your home network, we recommend that you confirm that you have not unintentionally opened a port to the internet. The easiest way to do this is to use Shields-up.

• We can now close Disk Station Manager and log into macOS
• From the macOS Desktop open a Terminal window
• At the command prompt type:

ssh [administrator]@[ipaddress]

Note: You need to user the administrators name for your NAS, along with typing the local IP address to your NAS.

• You will now have to agree to adding an ECDA fingerprint to your computer. Type yes and press enter on your keyboard
• Enter the administrators password to your NAS
• You will now be connected to your NAS via SSH

Note: You will know that you are connected to your NAS through an SSH tunnel, because at the command prompt, you will see the name you are logged in with, along with the name of your NAS. For example [administrator]@[name of your NAS]

Accessing the Root account

• To access the Root account on your NAS, you will need to do the following:

sudo -i

• When prompted for a password enter the administrators password to your NAS. This will log you into the Root account

Note: The Root account is a powerful account, so when using it, you need to make sure that you know exactly what you are doing. A mistake while using Root could leave your NAS inoperable.

Disable SSH and reset your Firewall

• To disable SSH you need to log back into Disk Station Manager using your Administrators credentials
• Open Control Panel – Terminal & SNMP
• Under Terminal, disable SSH service
• Select Apply
• Now from the sidebar of the Control Panel choose Security and choose the Firewall tab
• Within Firewall panel select Edit Rules
• From the list locate Encrypted Terminal Services and either untick that option or delete the rule

Note: If you only untick this option, and ever need to use SSH in the future. You will need to remember to manually enable Encrypted Terminal Services in order to use SSH. However if you delete the rule, when you enable SSH, you will be prompted to add the Encrypted Terminal Services Rule back into your firewall. 

• Select OK
• SSH is now disabled on your NAS

Reference materials:

• Synology Knowledge Center article – How can I sign into DSM/SRM with root privilege via SSH
• Wikipedia – Secure Shell (SSH)
• www.ssh.com – Root User Account